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USER CONNECTS TO WEB 
SITE AND CLICKS INTO 
REGISTRATION PAGE 



WEB SERVER MARKS 
BROWSER WITH A 
SESSION COOKIE 



1. WEB SERVER 
GENERATES 
TRANSACTION TOKEN 
AND DOWNLOADS TOKEN 
TO USERS BROWSER 

2. WEB SERVER SENDS 
SITE-TO-SITE 
REGISTRATION REQUEST 
TO REGISTRATION 
AUTHORITY SERVER 

3. USER IS LINKED TO 
REGISTRATION 
AUTHORITY SERVER 
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USER'S BROWSER 
PRESENTS TOKEN TO 
REGISTRATION 
AUTHORITY SERVER 
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REGISTRATION AUTHORITY 
SERVER MARKS BROWSER 
WITH A SESSION COOKIE AND 
VALIDATES TOKEN 
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REGISTRATION 
PROCESS IS ABORTED 



TO FIGURE 6(b) 



Figure 6(a) 



REGISTRATION AUTHORITY 
SERVER ASKS USER FOR 
HEALTH PLAN 
INFORMATION AND ASKS 
IDENTIFYING QUESTIONS 
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ANSWERS AR 
AGAINST ELK 
DATABASE 


E CHECKED 
3IBILITY 




REGISTRATION 
PROCESS IS ABORTED 



Y 

I 

REGISTRATION AUTHORITY 
INQUIRES OF WEB SERVER 
WHETHER WEB ID 
ALREADY EXISTS FOR USER 




WEB ID IS 
E-MAILED 



TO FIGURE 6(c) 



Figure 6(b) 



1. REGISTRATION 
AUTHORITY SERVER 
GENERATES 
TRANSACTION TOKEN 
AND DOWNLOADS 
TOKEN TO USER'S 
BROWSER 

2. REGISTRATION 
AUTHORITY SERVER 
SENDS SITE-TO-SITE 
PASSWORD REQUEST TO 
PASSWORD SERVER 
WITH PS-UAI AND 
TRANSACTION NUMBER 
OF TOKEN 



3. USER IS LINKED TO 
PASSWORD SERVER 
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USER'S BROV 
PRESENTS T( 
PASSWORD £ 


^SER 

DKENTO 

>ERVER 



J 

PASSWORD SERVER MARKS 
BROWSER WITH A SESSION 
COOKIE AND VALIDATES 
TOKEN 




REGISTRATION 
PROCESS IS ABORTED 
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TO FIGURE 6(d) 



Figure 6(c) 



USER IS PROMPTED BY 
PASSWORD SERVER TO 
CREATE PASSWORD 



USER INPUTS PASSWORD 
AND TRANSMITS 
PASSWORD TO 
PASSWORD SERVER 

PASSWORD SERVER 
STORES MAC'd VERSION 
OF PASSWORD IN 
PASSWORD SERVER 
DATABASE UNDER PS-UAI 
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1. PASSWORD SERVER 
GENERATES TRANSACTION 
TOKEN AND DOWNLOADS 
TOKEN TO USER'S 
BROWSER 



2. PASSWORD SERVER 
SENDS SITE-TO-SITE 
RESPONSE TO 
REGISTRATION 
AUTHORITY SERVER WITH 
PS-UAI AND TRANSACTION 
NUMBER OF TOKEN 



3. USER IS LINKED TO 
REGISTRATION 
AUTHORITY SERVER 



USER'S BROWSER 
PRESENTS TOKEN TO 
REGISTRATION 
AUTHORITY SERVER 
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REGISTRATION AUTHORITY 
SERVER VALIDATES TOKEN AND 
CHECKS COOKIE 




REGISTRATION 
PROCESS IS ABORTED 



Figure 6(d) 



REGISTRATION 
AUTHORITY SERVER 
UPDATES ELIGIBILITY 
DATABASE TO SHOW 
USER AS IDENTIFIED 
WEAK AND 

AUTHENTICATED WEAK 



1. REGISTRATION 
AUTHORITY SERVER 
GENERATES 
TRANSACTION TOKEN 
AND DOWNLOADS TOKEN 
TO USER'S BROWSER 

2. REGISTRATION 
AUTHORITY SERVER 
SENDS SITE-TO-SITE 
REQUEST TO WEB SERVER 
TO ISSUE WEB ID WITH W- 
UAI AND TRANSACTION 
NUMBER OF TOKEN 

3. USER IS LINKED TO 
WEB SERVER 
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USER'S BROWSER 
PRESENTS TOKEN TO 
WEB SERVER 



WEB SERVER VALIDATES 
TOKEN AND CHECKS 
COOKIE 
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REGISTRATION 
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PROCESS IS ABORTED 



WEB SERVER ISSUES (OR IN 
THE CASE OF RE- 
REGISTRATION RE- 
DISPLAYS) WEB ID TO USER, 
STORES WEB ID IN USER 
DATABASE AS WEAKLY 
IDENTIFIED AND WEAKLY 
AUTHENTICATED AND LOGS 
USER INTO WEB SITE 



Figure 6( 



WEB SERVER GENERATES CUSTOMIZATIONS 
ACTIVATION CODE AND TRANSMITS CODE 
TO VFS SERVER WITH VFS-W-UAI 
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REGISTRATION AUTHORITY TRANSMITS 
USER'S NAME AND ADDRESS TO 
VFS SERVER WITH VFS-W-UAI 



VFS SERVER CORRELATES CUSTOMIZATIONS 
ACTIVATION CODE WITH USER NAME 
AND ADDRESS BASED ON VFS-W-UAI 



VFS MAILS CUSTOMIZATIONS ACTIVATION 
CODE TO USER VIA U.S. MAIL 



USER CONNECTS TO WEB SERVER 
AND CLICKS INTO LOG-IN PAGE 
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USER PRESENTS WEB ID TO WEB 
SERVER 
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WEB SERVER VERIFIES WEB ID AND 
OBTAINS CORRESPONDING W-UAI 
FROM USER DATABASE 

WEB SERVER PASSES SESSION TO 
REGISTRATION AUTHORITY SERVER 

WITH W-UAI 
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vk 

REGISTRATION AUTHORITY CONVERTS 
W-UAI TO PS-UAI AND PASSES SESSION 
TO PASSWORD SERVER WITH PS-UAI 
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PASSWORD SERVER PROMPTS USER FOR j 
PASSWORD j 
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USER PROVIDES PASSWORD 
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PASSWORD SERVER VERIFIES PASSWORD J 
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PASSWORD SERVER PASSES SESSION TO 
REGISTRATION AUTHORITY SERVER 
WITH PS-UAI 



REGISTRATION AUTHORITY SERVER 
CONVERTS PS-UAI TO W-UAI AND 
PASSES SESSION TO WEB SERVER WITH 
W-UAI 



! 

j USER IS LOGGED ON TO WEB SITE 
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